Socket
Socket
Sign inDemoInstall

semver

Package Overview
Dependencies
0
Maintainers
6
Versions
107
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 6.3.0 to 6.3.1

28

package.json
{
"name": "semver",
"version": "6.3.0",
"version": "6.3.1",
"description": "The semantic version parser used by npm.",
"main": "semver.js",
"scripts": {
"test": "tap",
"preversion": "npm test",
"postversion": "npm publish",
"postpublish": "git push origin --follow-tags"
"test": "tap test/ --100 --timeout=30",
"lint": "echo linting disabled",
"postlint": "template-oss-check",
"template-oss-apply": "template-oss-apply --force",
"lintfix": "npm run lint -- --fix",
"snap": "tap test/ --100 --timeout=30",
"posttest": "npm run lint"
},
"devDependencies": {
"tap": "^14.3.1"
"@npmcli/template-oss": "4.17.0",
"tap": "^12.7.0"
},
"license": "ISC",
"repository": "https://github.com/npm/node-semver",
"repository": {
"type": "git",
"url": "https://github.com/npm/node-semver.git"
},
"bin": {

@@ -25,5 +32,8 @@ "semver": "./bin/semver.js"

],
"tap": {
"check-coverage": true
"author": "GitHub Inc.",
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
"content": "./scripts/template-oss",
"version": "4.17.0"
}
}

@@ -29,4 +29,7 @@ exports = module.exports = SemVer

var MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6
// The actual regexps go on exports.re
var re = exports.re = []
var safeRe = exports.safeRe = []
var src = exports.src = []

@@ -40,2 +43,27 @@ var t = exports.tokens = {}

var LETTERDASHNUMBER = '[a-zA-Z0-9-]'
// Replace some greedy regex tokens to prevent regex dos issues. These regex are
// used internally via the safeRe object since all inputs in this library get
// normalized first to trim and collapse all extra whitespace. The original
// regexes are exported for userland consumption and lower level usage. A
// future breaking change could export the safer regex only with a note that
// all input should have extra whitespace removed.
var safeRegexReplacements = [
['\\s', 1],
['\\d', MAX_LENGTH],
[LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH],
]
function makeSafeRe (value) {
for (var i = 0; i < safeRegexReplacements.length; i++) {
var token = safeRegexReplacements[i][0]
var max = safeRegexReplacements[i][1]
value = value
.split(token + '*').join(token + '{0,' + max + '}')
.split(token + '+').join(token + '{1,' + max + '}')
}
return value
}
// The following Regular Expressions can be used for tokenizing,

@@ -50,3 +78,3 @@ // validating, and parsing SemVer version strings.

tok('NUMERICIDENTIFIERLOOSE')
src[t.NUMERICIDENTIFIERLOOSE] = '[0-9]+'
src[t.NUMERICIDENTIFIERLOOSE] = '\\d+'

@@ -58,3 +86,3 @@ // ## Non-numeric Identifier

tok('NONNUMERICIDENTIFIER')
src[t.NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-][a-zA-Z0-9-]*'
src[t.NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-]' + LETTERDASHNUMBER + '*'

@@ -101,3 +129,3 @@ // ## Main Version

tok('BUILDIDENTIFIER')
src[t.BUILDIDENTIFIER] = '[0-9A-Za-z-]+'
src[t.BUILDIDENTIFIER] = LETTERDASHNUMBER + '+'

@@ -182,2 +210,3 @@ // ## Build Metadata

re[t.COERCERTL] = new RegExp(src[t.COERCE], 'g')
safeRe[t.COERCERTL] = new RegExp(makeSafeRe(src[t.COERCE]), 'g')

@@ -192,2 +221,3 @@ // Tilde ranges.

re[t.TILDETRIM] = new RegExp(src[t.TILDETRIM], 'g')
safeRe[t.TILDETRIM] = new RegExp(makeSafeRe(src[t.TILDETRIM]), 'g')
var tildeTrimReplace = '$1~'

@@ -208,2 +238,3 @@

re[t.CARETTRIM] = new RegExp(src[t.CARETTRIM], 'g')
safeRe[t.CARETTRIM] = new RegExp(makeSafeRe(src[t.CARETTRIM]), 'g')
var caretTrimReplace = '$1^'

@@ -230,2 +261,3 @@

re[t.COMPARATORTRIM] = new RegExp(src[t.COMPARATORTRIM], 'g')
safeRe[t.COMPARATORTRIM] = new RegExp(makeSafeRe(src[t.COMPARATORTRIM]), 'g')
var comparatorTrimReplace = '$1$2$3'

@@ -259,2 +291,10 @@

re[i] = new RegExp(src[i])
// Replace all greedy whitespace to prevent regex dos issues. These regex are
// used internally via the safeRe object since all inputs in this library get
// normalized first to trim and collapse all extra whitespace. The original
// regexes are exported for userland consumption and lower level usage. A
// future breaking change could export the safer regex only with a note that
// all input should have extra whitespace removed.
safeRe[i] = new RegExp(makeSafeRe(src[i]))
}

@@ -284,3 +324,3 @@ }

var r = options.loose ? re[t.LOOSE] : re[t.FULL]
var r = options.loose ? safeRe[t.LOOSE] : safeRe[t.FULL]
if (!r.test(version)) {

@@ -340,3 +380,3 @@ return null

var m = version.trim().match(options.loose ? re[t.LOOSE] : re[t.FULL])
var m = version.trim().match(options.loose ? safeRe[t.LOOSE] : safeRe[t.FULL])

@@ -786,2 +826,3 @@ if (!m) {

comp = comp.trim().split(/\s+/).join(' ')
debug('comparator', comp, options)

@@ -803,3 +844,3 @@ this.options = options

Comparator.prototype.parse = function (comp) {
var r = this.options.loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]
var r = this.options.loose ? safeRe[t.COMPARATORLOOSE] : safeRe[t.COMPARATOR]
var m = comp.match(r)

@@ -928,5 +969,12 @@

// First reduce all whitespace as much as possible so we do not have to rely
// on potentially slow regexes like \s*. This is then stored and used for
// future error messages as well.
this.raw = range
.trim()
.split(/\s+/)
.join(' ')
// First, split based on boolean or ||
this.raw = range
this.set = range.split(/\s*\|\|\s*/).map(function (range) {
this.set = this.raw.split('||').map(function (range) {
return this.parseRange(range.trim())

@@ -939,3 +987,3 @@ }, this).filter(function (c) {

if (!this.set.length) {
throw new TypeError('Invalid SemVer Range: ' + range)
throw new TypeError('Invalid SemVer Range: ' + this.raw)
}

@@ -959,16 +1007,15 @@

var loose = this.options.loose
range = range.trim()
// `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4`
var hr = loose ? re[t.HYPHENRANGELOOSE] : re[t.HYPHENRANGE]
var hr = loose ? safeRe[t.HYPHENRANGELOOSE] : safeRe[t.HYPHENRANGE]
range = range.replace(hr, hyphenReplace)
debug('hyphen replace', range)
// `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5`
range = range.replace(re[t.COMPARATORTRIM], comparatorTrimReplace)
debug('comparator trim', range, re[t.COMPARATORTRIM])
range = range.replace(safeRe[t.COMPARATORTRIM], comparatorTrimReplace)
debug('comparator trim', range, safeRe[t.COMPARATORTRIM])
// `~ 1.2.3` => `~1.2.3`
range = range.replace(re[t.TILDETRIM], tildeTrimReplace)
range = range.replace(safeRe[t.TILDETRIM], tildeTrimReplace)
// `^ 1.2.3` => `^1.2.3`
range = range.replace(re[t.CARETTRIM], caretTrimReplace)
range = range.replace(safeRe[t.CARETTRIM], caretTrimReplace)

@@ -981,3 +1028,3 @@ // normalize spaces

var compRe = loose ? re[t.COMPARATORLOOSE] : re[t.COMPARATOR]
var compRe = loose ? safeRe[t.COMPARATORLOOSE] : safeRe[t.COMPARATOR]
var set = range.split(' ').map(function (comp) {

@@ -1082,3 +1129,3 @@ return parseComparator(comp, this.options)

function replaceTilde (comp, options) {
var r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE]
var r = options.loose ? safeRe[t.TILDELOOSE] : safeRe[t.TILDE]
return comp.replace(r, function (_, M, m, p, pr) {

@@ -1124,3 +1171,3 @@ debug('tilde', comp, _, M, m, p, pr)

debug('caret', comp, options)
var r = options.loose ? re[t.CARETLOOSE] : re[t.CARET]
var r = options.loose ? safeRe[t.CARETLOOSE] : safeRe[t.CARET]
return comp.replace(r, function (_, M, m, p, pr) {

@@ -1184,3 +1231,3 @@ debug('caret', comp, _, M, m, p, pr)

comp = comp.trim()
var r = options.loose ? re[t.XRANGELOOSE] : re[t.XRANGE]
var r = options.loose ? safeRe[t.XRANGELOOSE] : safeRe[t.XRANGE]
return comp.replace(r, function (ret, gtlt, M, m, p, pr) {

@@ -1260,3 +1307,3 @@ debug('xRange', comp, ret, gtlt, M, m, p, pr)

// Looseness is ignored here. star is always as loose as it gets!
return comp.trim().replace(re[t.STAR], '')
return comp.trim().replace(safeRe[t.STAR], '')
}

@@ -1587,3 +1634,3 @@

if (!options.rtl) {
match = version.match(re[t.COERCE])
match = version.match(safeRe[t.COERCE])
} else {

@@ -1599,3 +1646,3 @@ // Find the right-most coercible string that does not share

var next
while ((next = re[t.COERCERTL].exec(version)) &&
while ((next = safeRe[t.COERCERTL].exec(version)) &&
(!match || match.index + match[0].length !== version.length)

@@ -1607,6 +1654,6 @@ ) {

}
re[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length
safeRe[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length
}
// leave it in a clean state
re[t.COERCERTL].lastIndex = -1
safeRe[t.COERCERTL].lastIndex = -1
}

@@ -1613,0 +1660,0 @@

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc